FOUND

A to­tal of 304 peo­ple died when the Se­wol sank on April 16, 2014, touch­ing off an out­pour­ing of na­tional grief and soul search­ing in South Korea about long-ig­nored pub­lic safety and reg­u­la­tory fail­ures. Pub­lic out­rage over what was widely seen as a botched res­cue NORTH KOREA

Sev­eral sets of in­ves­ti­ga­tors re­ported ten­ta­tive find­ings that sug­gest hack­ers linked to North Korea might have been in­volved with Wan­naCry. But they could all be draw­ing con­clu­sions from a very small set of clues.

On Mon­day, the Rus­sian se­cu­rity firm, Kasper­sky Lab, said por­tions of the Wan­naCry pro­gramme used the same code as mal­ware dis­trib­uted by the Lazarus Group, a hacker col­lec­tive be­hind the 2014 Sony hack.

An­other se­cu­rity com­pany, Sy­man­tec, re­lated the same find­ings, which it char­ac­terised as in­trigu­ing but “weak” as­so­ci­a­tions, since the code could have been copied from the Lazarus mal­ware.

Two law en­force­ment of­fi­cials like­wise said US in­ves­ti­ga­tors sus­pected North Korea, based on code sim­i­lar­i­ties; the of­fi­cials called that find­ing pre­lim­i­nary. ef­fort by the gov­ern­ment con­trib­uted to the ouster of for­mer Pres­i­dent Park Geun-hye, who was re­moved from of­fice and ar­rested in March over broad cor­rup­tion charges.

In March, sal­vage work­ers com­pleted a Her­culean ef­fort to raise the 6,800-tonne ferry from wa­ters off the coun­try’s south­west coast and tow it to port in Mokpo, where in­ves­ti­ga­tors con­tinue to search the wreck­age.

In re­cent days, they re­ported the dis­cov­ery of sus­pected hu­man bones that they put up for DNA test­ing.

The Oceans and Fish­eries Min­istry said Koh’s bone was not

But Wan­naCry re­mained a puz­zle, in part be­cause some of its el­e­ments seemed am­a­teur­ish.

Salim Neino, CEO of the Los Angeles-based se­cu­rity firm Kryp­tos Logic, said the Wan­naCry worm was “poorly de­signed” — patched to­gether and con­sist­ing of a “sum of dif­fer­ent parts” with an un­so­phis­ti­cated pay­ment sys­tem.

DIG­GING OUT

One of the or­gan­i­sa­tions hard­est hit by Wan­naCry — the United King­dom’s Na­tional Health Ser­vice — ap­peared to be re­cov­er­ing. Last Fri­day, many NHS hos­pi­tals turned away pa­tients af­ter Wan­naCry locked up com­put­ers, forc­ing the clo­sure of wards and emer­gency rooms.

NHS Dig­i­tal, the body that over­sees cy­berse­cu­rity in Bri­tain’s health sys­tem, told hos­pi­tals to dis­con­nect all in­fected com­put­ers, ap­ply a Mi­crosoft found in the wreck­age, but by divers who were search­ing wa­ters where the ferry was raised from.

Koh’s wife, Yoo Baek-hyeong, emo­tion­ally re­acted in March af­ter the ferry was raised and put on a trans­port ves­sel for what be­came a week-long jour­ney to Mokpo.

“He was in the dark and fright­en­ing deep seas for three years, but he’s now go­ing to Mokpo,” Yoo said then.

“I want to find even just a piece of his hair. He would be wear­ing his wed­ding ring . ... I want to find all of those things.”

The ferry’s cap­tain sur­vived and is serv­ing a life sen­tence af­ter a court found him guilty of com­mit­ting homi­cide through “will­ful neg­li­gence” be­cause he fled the ship with­out is­su­ing an evac­u­a­tion or­der. AP patch that closed the vul­ner­a­bil­ity, then “roll back” the in­fected com­put­ers and re­store them from backed-up files.

SIGN OF HACKS TO COME

Wan­naCry could serve as a kind of tem­plate for fu­ture cy­ber­at­tacks. Neino of Kryp­tos Logic, for in­stance, said the leak of the NSA hack­ing tools had sig­nif­i­cantly nar­rowed the gap be­tween na­tions and in­di­vid­u­als or cy­ber gangs.

“The con­cern has al­ways been, when are the real bad guys, the ones that don’t care about rules of en­gage­ment, the ones who are re­ally out to hurt us, will they be­come cy­ber-ca­pa­ble?” he said on Mon­day night.

“I think we found out that those who re­ally want to hurt us have be­gun to, be­cause they be­came cy­ber-ca­pa­ble the mo­ment that the NSA cy­ber­tools were re­leased.” AP